Browse Source

Merge "Neutron: add support to use legacy iptables"

changes/38/688938/1
Zuul 3 years ago committed by Gerrit Code Review
parent
commit
ec57047f9e
  1. 11
      docker/neutron/neutron-base/extend_start.sh
  2. 4
      docker/neutron/neutron-base/neutron_sudoers

11
docker/neutron/neutron-base/extend_start.sh

@ -7,4 +7,15 @@ if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
chmod 755 /var/log/kolla/neutron
fi
# set legacy iptables to allow kernels not supporting iptables-nft
if /usr/bin/update-alternatives --query iptables; then
if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then
sudo /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
else
sudo /usr/bin/update-alternatives --auto iptables
sudo /usr/bin/update-alternatives --auto ip6tables
fi
fi
. /usr/local/bin/kolla_neutron_extend_start

4
docker/neutron/neutron-base/neutron_sudoers

@ -1,2 +1,6 @@
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables

Loading…
Cancel
Save